HP-UX Role-Based Access Control B.11.31.04 Release Notes

HP-UX Role-Based Access Control B.11.31.04
The information in this document is for HP-UX Role-Based Access Control (RBAC) version
B.11.31.04 only.
HP-UX RBAC Overview
HP-UX RBAC is an alternative to the traditional “all-or-nothing” root user model, which grants
permissions to the root user for all operations, and denies permissions to non-root users for
certain operations. HP-UX RBAC allows you to distribute administrative responsibilities by
creating roles with appropriate authorizations and assigning them to non-root users and groups.
HP-UX RBAC includes the following main components:
- Privilege shells (privsh, privksh, and privcsh) that automatically invoke the access control subsystem to run commands with privileges when appropriate.
- RBAC System Management Homepage (SMH) integration to allow the graphical management of the RBAC databases through a Web interface.
- The privrun wrapper command that allows authorized users and groups to run existing legacy applications with varying levels of privileges without modifying the application.
- The privedit command that allows authorized users and groups to edit files they normally would not be able to edit because of file permissions or Access Control Lists.
- Customizable Access Control Policy Switch (ACPS) that determines whether a subject is authorized to perform an operation on an object.
- Access Control Policy Module (ACPM) to evaluate HP-UX RBAC databases and service access control requests.
- Management commands to edit and validate HP-UX RBAC database files.
HP-UX RBAC Features
HP-UX RBAC offers the following features:
- Integrates with the Fine-Grained Privileges and Compartments components of the HP-UX 11i Security Containment features.
- Integrates with the HP-UX audit system to produce a single, unified audit trail.
- Pluggable architecture for customizing access control decisions and integrating existing access control policy information.
- Pre-defined configuration files to facilitate quick and easy deployment.
- Flexible re-authentication ability via PAM to allow restrictions on a per-command basis.
- Fully supported HP product.
NOTE: The recently released HP-UX Identity Management Integration A.01.00 feature allows
you to manage HP-UX RBAC operations using the HP OpenView Select Access Policy Builder
GUI.
To learn more about the HP-UX Identity Management Integration feature, select HP-UX Identity
Management Integration on Software Depot:
http://www.software.hp.com
HP-UX RBAC Documentation
Use the following documents in conjunction with each other when using HP-UX RBAC B.11.31.04:
- HP-UX RBAC B.11.31.04 Release Notes
- HP-UX System Administrator's Guide (volume 4): Security Management